Thread: Process Suspend vs AntiDebuggers

  1. #1

    Process Suspend vs AntiDebuggers

    So, what happens if you start an application normally, suspend it with Process Explorer and then attach a debugger?
    Are you catching the antidebuggers with their pants down or is there more to it?

    I noticed that a code dump suspended and then running an attached debugger shows differences in the code.
    This tells me that I have bypassed at least some antidebugging features?


  2. #2
    Super Moderator
    Attaching to a running process instead of starting it bypasses only the initial antidebugging measures.

    There are close to an infinite number of antidebugging measures that could be implemented at run time instead of in the initial stages.

    There are even anti-attach mechanisms to thwart attaching to a running process.

  3. #3
    So for a newbie this is in the right direction. I have read many documents on this issue and it is starting to make sense. But does the argument stand that if the program is paused at some dialogue box and I suspend the process, attach a debugger, the code up to that point should be valid? Of course code which would execute after could also be modified by some antidebugging features. I am just trying to make some progress here so at least I can see all the functions executed until the suspended state.
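
An added example, not part of the thread: a small Python helper for examining the kind of dump differences the first post mentions. It assumes two raw dumps of the same address range and separates single bytes replaced by 0xCC, the x86 software-breakpoint opcode a debugger writes into code, from code that was otherwise rewritten; the sample bytes, the base address and all names are constructed for illustration.

```python
from typing import List, NamedTuple

INT3 = 0xCC  # x86 software-breakpoint opcode a debugger writes into code

# Constructed sample: the same 13-byte code region dumped twice.
SAMPLE_BEFORE = bytes.fromhex("558bec83ec10e8000000005dc3")
SAMPLE_AFTER = bytes.fromhex("cc8bec83ec10e8123456785dc3")


class DiffRun(NamedTuple):
    address: int   # address of the first differing byte
    before: bytes  # bytes from the first dump
    after: bytes   # bytes from the second dump
    kind: str      # "breakpoint" or "modified"


def diff_dumps(before: bytes, after: bytes, base: int = 0) -> List[DiffRun]:
    """Group differing bytes into contiguous runs and classify each run."""
    if len(before) != len(after):
        raise ValueError("dumps must cover the same address range")
    runs: List[DiffRun] = []
    i, n = 0, len(before)
    while i < n:
        if before[i] == after[i]:
            i += 1
            continue
        start = i
        while i < n and before[i] != after[i]:
            i += 1
        old, new = before[start:i], after[start:i]
        # A lone byte replaced by 0xCC is what a software breakpoint looks like;
        # anything else means the code itself was rewritten between the dumps.
        kind = "breakpoint" if new == bytes([INT3]) else "modified"
        runs.append(DiffRun(base + start, old, new, kind))
    return runs


if __name__ == "__main__":
    # 0x401000 is a constructed base address for the sample region.
    for run in diff_dumps(SAMPLE_BEFORE, SAMPLE_AFTER, base=0x401000):
        print(f"{run.address:#x}: {run.before.hex()} -> {run.after.hex()} ({run.kind})")
```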
